CVE-2023-28649

HIGH Year: 2023
CVSS v3 Score
7.5
High
Weakness Type
CWE-413
View all →

Vulnerability Description

The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could impersonate a hub and send device requests to claim already claimed devices. The OvrC cloud platform receives the requests but does not validate if the found devices are already managed by another user.

Related Vulnerabilities

CVE-2022-20678

HIGH
CVSS:7.5(High)

A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) conditio...

CWE-4132022

CVE-2022-49737

HIGH
CVSS:7.7(High)

In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a loc...

CWE-4132022

CVE-2019-17102

HIGH
CVSS:8.1(High)

An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks at...

CWE-4132019

CVE-2019-17102

HIGH
CVSS:8.1(High)

An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks at...

CWE-4132019

CVE-2022-49737

HIGH
CVSS:7.7(High)

In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a loc...

CWE-4132022

CVE-2022-20678

HIGH
CVSS:7.5(High)

A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) conditio...

CWE-4132022